Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc6cd07a by security tracker role at 2019-05-19T20:10:35Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in
BoostIO Boost ...)
+ TODO: check
+CVE-2019-12183
+ RESERVED
+CVE-2019-12182
+ RESERVED
+CVE-2019-12181
+ RESERVED
+CVE-2019-12180
+ RESERVED
+CVE-2019-12179
+ RESERVED
+CVE-2019-12178
+ RESERVED
+CVE-2019-12177
+ RESERVED
+CVE-2019-12176
+ RESERVED
CVE-2019-12175
RESERVED
CVE-2019-12174
@@ -1325,6 +1343,7 @@ CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer
overflow in dhcp6_findna i
[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
NOTE:
https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow
with DHO ...)
+ {DLA-1793-1}
- dhcpcd5 7.1.0-2 (low; bug #928104)
[stretch] - dhcpcd5 <no-dsa> (Minor issue)
NOTE:
https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
@@ -20667,7 +20686,7 @@ CVE-2019-3840 (A NULL pointer dereference flaw was
discovered in libvirt before
NOTE:
https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
NOTE:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
CVE-2019-3839 (It was found that in ghostscript some privileged operators
remained ac ...)
- {DSA-4442-1}
+ {DSA-4442-1 DLA-1792-1}
- ghostscript 9.27~dfsg-1
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
NOTE: To prevent pdf2dsc regression additionally:
@@ -22589,6 +22608,7 @@ CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in
LibRaw 0.19.1 has a NULL
NOTE: Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root
cause
CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of
libfaad/f ...)
+ {DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/26
@@ -23199,12 +23219,14 @@ CVE-2018-20199 (A NULL pointer dereference was
discovered in ifilter_bank of lib
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/24
CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of
libfaad/f ...)
+ {DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/23
NOTE: same underlying issue as CVE-2018-20362, same fix:
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20197 (There is a stack-based buffer underflow in the third instance
of the c ...)
+ {DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/20
NOTE: very similar to CVE-2018-20194, same fix:
@@ -23218,6 +23240,7 @@ CVE-2018-20195 (A NULL pointer dereference was
discovered in ic_predict of libfa
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/25
CVE-2018-20194 (There is a stack-based buffer underflow in the third instance
of the c ...)
+ {DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/21
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc6cd07afb75335719c506dfa9bf2cc480713562
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc6cd07afb75335719c506dfa9bf2cc480713562
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
